String found in binary or memory: Follow Us: SANSDefense sansdefense1 sansdefense Podcast equals (Twitter)
String found in binary or memory: Follow Us: SANSDefense sansdefense1 sansdefense Podcast equals (Linkedin)
String found in binary or memory: Follow Us: SANSOffensive sansoffensiveoperations sans-offensive-operations Course equals www.youtube.
String found in binary or memory: Follow Us: SANSOffensive sansoffensiveoperations sans-offensive-operations Course equals www.twitter.
String found in binary or memory: Follow Us: SANSOffensive sansoffensiveoperations sans-offensive-operations Course equals www.linkedin.com (Linkedin)
String found in binary or memory: equals m (Linkedin)
String found in binary or memory: equals com (Facebook) 0) like Gecko Accept-Encoding: gzip, deflate Host: www.sans.org Connection: Keep-Alive
Found strings which match to known social media urls
HTTP traffic detected: GET /info/63023 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Uses secure TLS version for HTTPS connections
Source: C:\Program Files (x86)\Internet Explorer\iexplore.
HTTP Parser: No
RdrCEF.exe (PID: 6228 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.